Grsecurity provides among other features two ways to make some memory areas non executable: the Open Wall section does it for the stack, the PaX section for both the heap and the stack. We will see in this chapter how they proceed.
6.1 Open Wall: non-executable stack
This is the feature of Open Wall we are interested in. The important code brought by the patch appears in the arch/i386/kernel/traps.c file, in the Kernel archive, and more precisely in the do_general_protection function, which can detect segmentation faults.
CONFIG_GRKERNSEC_STACK is defined when the Open Wall feature has been activated. Some parts of the code have been skipped as we only want an overview of the Open Wall way to proceed:
asmlinkage void do_general_protection(struct pt_regs * regs, long error_code) {
#ifdef CONFIG_GRKERNSEC_STACK
unsigned long addr;
#ifdef CONFIG_GRKERNSEC_STACK_GCC
unsigned char insn;
int err, count;
No comments:
Post a Comment